Keeping Nityasha Secure
Your data is at the centre of everything you do on Nityasha — personal information, activity, preferences, and more. Protecting it is not an afterthought; it is foundational to how we design, build, and ship the App.
Here is how we think about security and what we do about it:
Encryption in transit and at rest
All data transmitted between your device and our servers is encrypted using TLS 1.2+. Sensitive data stored on our servers is encrypted at rest using AES-256. Your credentials are hashed and never stored in plain text.
Independent security assessments
We work with independent security firms to conduct regular audits of our infrastructure and application code. Critical findings are remediated before public disclosure. Audit summaries are published in our Security Bulletin below.
Compliance with Indian data protection law
Nityasha is designed to comply with the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000. We maintain a lawful basis for all data processing, honour your rights as a Data Principal, and appoint a Grievance Officer to handle your concerns.
Minimal data collection
We collect only the data that is strictly necessary to provide and improve the App. We do not collect data speculatively. When data is no longer needed, we delete or anonymise it securely.
How to reach us
Found a vulnerability or security issue? security@nityasha.com. We take all reports seriously and aim to acknowledge receipt within 24 hours and resolve confirmed issues within 30 days.
Bug Bounty Program
We believe that working with security researchers makes Nityasha safer for everyone. If you discover a security vulnerability in our App or infrastructure, we want to hear from you.
In scope
- Nityasha mobile application (iOS and Android)
- Nityasha backend APIs and authentication systems
- nityasha.com and related subdomains
Out of scope
- Denial of service attacks
- Social engineering or phishing of Nityasha employees
- Third-party services or infrastructure not controlled by us
- Vulnerabilities in outdated or unsupported versions of the App
How to report
Email security@nityasha.com with a detailed description of the vulnerability, steps to reproduce, and any supporting material (screenshots, PoC code). Please do not publicly disclose the vulnerability before we have had a chance to address it.
Rewards
We offer rewards for valid, in-scope reports based on severity. Reward amounts are determined at our discretion after triage and verification. We will notify you of our decision within 14 days of receipt.
FAQ
Security Bulletin
We publish summaries of resolved security issues and audit findings here. This is our commitment to transparency with our users.
Nityasha has not experienced any confirmed personal data breaches or critical security incidents. This bulletin will be updated promptly if that changes.
To report a vulnerability, email security@nityasha.com.